huge uncurable spyware attack



leonidas
03-29-2005, 08:33 PM
I was stupid and tried to install Nod32, thinking that a working version had finally been released, so now, as my antivirus protection was nonexistent, I've just had an attack:

Ad-Aware & Spybot (both updated) can't remove the shit (something named isearch hijacking)

Norton Corp 8.1 neither (updated)

and neither can Microsoft AntiSpyware (updated)

That shit destroyed my Windows firewall, fucked up my Firefox, put a search bar on my desktop, slowed down my computer, & pooped some icons on my desktop.

What should I do?

100%
03-29-2005, 08:47 PM
Remove any weird items from your startup - use this http://www.windowsstartup.com/download.php or something else.
Kill any weird processes from Task Manager (Ctrl+Alt+Delete).
Then run the spyware scan again.
Also:
HijackThis log - download here http://www.majorgeeks.com/download3155.html

leonidas
03-29-2005, 09:13 PM
doesn't work ):

tesco
03-29-2005, 09:17 PM
Post the HijackThis! log or have it analyzed here: www.hijackthis.de

leonidas
03-29-2005, 09:26 PM
Logfile of HijackThis v1.99.1
Scan saved at 23:20:32, on 29/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\0\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\fp4403hqe.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

leonidas
03-29-2005, 09:36 PM
So I've downloaded HijackThis, analysed my computer, and analysed the log file, so I get this (see image enclosed).

I can't remove the shit from the Windows Task Manager, nor with the "Startup Inspector for Windows" 15 percent told me about.

leonidas
03-29-2005, 10:01 PM
I've never seen something like this; even with Run -> msconfig, it doesn't work!!!

leonidas
03-29-2005, 10:05 PM
Anyone here? :(

S!X
03-29-2005, 10:22 PM
Boot into safe mode and try to remove all that shit with your spyware apps. It might work, it might not.

100%
03-29-2005, 10:24 PM
Open your hosts file with Notepad.
The hosts file is here (it is simply a file called "hosts"):
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

Delete these lines:
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
69.20.16.183 auto.search.msn.com

and save.
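As an added example (my own code, not anything posted in this thread), here is a small Python triage script that does by program what the HijackThis log post and the hosts-file post above do by eye: it parses log lines like the ones leonidas posted, flags the O1 hosts-file entries that map a name to anything other than the local host (the three 69.20.16.183 redirects), flags the O4/O18/O20 autorun entries whose binary lives outside the usual install directories or whose Winlogon DLL name looks machine-generated, and then produces a cleaned hosts file with only the flagged names removed. The log lines are copied from the post earlier in the thread; the hosts-file content is constructed for the demo, and the allowlist of expected directories and the digits-in-the-name rule are my own heuristics, not HijackThis rules.

```python
"""Triage a HijackThis-style log and clean the matching hosts-file entries.

Added example, not part of the thread. Log lines copied from leonidas's
post; the hosts file content is constructed; the allowlist and the
"random-looking DLL name" rule are heuristics of my own.
"""
import ipaddress
import re
from pathlib import PureWindowsPath

# Log lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\fp4403hqe.dll
"""

# Constructed hosts file: one legitimate loopback line plus the hijacked entries.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
69.20.16.183 auto.search.msn.com
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<detail>.*)$")
# A quoted path, or a drive-letter / %systemroot% path up to the next whitespace.
PATH_RE = re.compile(r'"([^"]+)"|((?:[A-Za-z]:|%systemroot%)\\\S+)', re.IGNORECASE)

# Heuristic allowlist: where legitimately installed autoruns normally live.
EXPECTED_DIRS = ("\\system32\\", "\\program files\\", "\\progra~1\\")


def parse_hijackthis(text):
    """Return (section, detail) tuples for every 'Rx - ...' / 'Oxx - ...' line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries


def flag_hosts_redirects(entries):
    """O1 lines map a hostname to an IP; anything not pointing at the local
    host redirects that name somewhere else and must be reviewed."""
    flagged = []
    for section, detail in entries:
        if section != "O1" or not detail.startswith("Hosts:"):
            continue
        ip_str, host = detail[len("Hosts:"):].split(None, 1)
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:  # not even a valid address: definitely review it
            flagged.append((ip_str, host.strip()))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            flagged.append((ip_str, host.strip()))
    return flagged


def flag_autoruns(entries):
    """O4/O18/O20 entries whose binary sits outside the expected directories,
    or (O20 only) whose DLL name contains digits, which here is a heuristic
    for a machine-generated name such as fp4403hqe.dll."""
    flagged = []
    for section, detail in entries:
        if section not in ("O4", "O18", "O20"):
            continue
        m = PATH_RE.search(detail)
        if not m:
            continue
        path = m.group(1) or m.group(2)
        in_expected = any(d in path.lower() for d in EXPECTED_DIRS)
        stem = PureWindowsPath(path).stem
        looks_random = section == "O20" and any(ch.isdigit() for ch in stem)
        if not in_expected or looks_random:
            flagged.append((section, path))
    return flagged


def clean_hosts(hosts_text, flagged_hosts):
    """Return the hosts file with lines for the flagged names removed;
    comments and every other mapping are kept exactly as they were."""
    drop = {h.lower() for h in flagged_hosts}
    kept = []
    for line in hosts_text.splitlines():
        parts = line.split()
        is_comment = line.lstrip().startswith("#")
        if len(parts) >= 2 and not is_comment and parts[1].lower() in drop:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    entries = parse_hijackthis(SAMPLE_LOG)
    redirects = flag_hosts_redirects(entries)
    for ip, host in redirects:
        print(f"hosts redirect: {host} -> {ip}")
    for section, path in flag_autoruns(entries):
        print(f"{section} review: {path}")
    print(clean_hosts(SAMPLE_HOSTS, [host for _, host in redirects]))
```

On a real machine you would feed it the actual log text and the contents of C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts; the script never writes to disk, so the flagged items can be reviewed (the vptray and dumprep entries are correctly left alone) before anything is deleted by hand.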

100%
03-29-2005, 10:30 PM
You have a trojan virus - Win32.Ieser.a

And do a Google search for an antivirus solution to
C:\WINDOWS\isrvs\desktop.exe Trojan-Downloader.Win32.Ieser.a
I found this manual removal:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FIESER%2EA&VSect=Sn

erRor67
03-29-2005, 11:09 PM
1. Delete your HOSTS file... delete the whole file for a clean start.
2. Run CWShredder, see what you can clean. http://www.intermute.com/spysubtract/cwshredder_download.html
3. Run NOD32 antivirus and McAfee antivirus from here: http://mirror.edskes.com It's not a full antivirus with installing per se, but more of an on-demand run-it-when-you-need-to scanner.
4. Try running Ad-Aware (Pro) and Spybot again.
5. Install SpySweeper and run it.
6. Rerun HijackThis and post the log.

foot loose
03-29-2005, 11:24 PM
Do an online virus/security scan using
http://housecall.trendmicro.com/housecall/start_corp.asp
(in safe mode with networking).

Also try some other spyware remover like BulletProof.
Also look here: C:\WINDOWS\Downloaded Program Files, and in Add/Remove Programs; sometimes spyware progs install themselves there.

peat moss
03-30-2005, 12:52 AM
Also shut down System Restore till you get it sorted. Bear in mind it might not go quietly; it may fuck up your internet settings with it. Some screw up Winsock 32.

leonidas
03-30-2005, 06:22 PM
It was too hard; I finally decided to fresh-install my computer. This shitware is EVIL, can't get rid of it........

kurse
03-31-2005, 05:40 PM
There's always a way to get those spyware/adware shit off your computer, or at least to keep them from damaging your computer. Next time something like that happens, I suggest you immediately turn off your System Restore, get "CounterSpy" - really great spyware/adware scanning and removing tool - if you don't already have it. Then restart in SAFE MODE, run CounterSpy, delete everything that it detected; also, delete your hosts file and start a fresh new one. Then go to Add/Remove and see if you can get rid of some shit that is not supposed to be on your computer - use Google to search what the files are if you're not sure before removing. Then you should download some good tools to clean your registry because I know for a fact you have keyloggers, changed settings, and shit that is just not supposed to be there in the first place because of the spyware/adware. Get Registry Clean Expert - GOOD TOOL.

Note: Using just one spyware/adware program will not get rid of ALL spyware. You must have at least 3 - CounterSpy, Ad-Aware, Spybot Search & Destroy, Microsoft AntiSpyware Beta. You can remove these programs and stick with one afterwards, just in case something minor happens in the future, because I know you have learned from this.

Recommendations: Download SpywareBlaster after all of this; this tool will block all spyware/adware before it even gets onto your computer. Very clever tool, works great!

If you need any of these programs and do not know where to find them or get them, please hit me up.

Snee
03-31-2005, 06:11 PM
He has three of those. :rolleyes:

peat moss
04-01-2005, 12:55 AM
@kurse, good advice! It sure helps when you learn from experience. No better way. I read your post with a big grin. :)